The Right to Privacy Under the Armour of Digitalisation: Muddling Through Troubled Waters
Saumya Ranjan Dixit*
India is currently witnessing waves of digitalization which is accelerating the transformation of courts into transparent, cost-effective and interoperable institutions for speedy delivery of justice. However, this is impeded by the disintegration between the IT system used by courts for internal case management and the system utilised for data dissemination resulting in non-uniformity in the tagging of cases as per the related statutes, mismatching reporting section numbers, missing data fields in cases and other technical issues. Further, the inhibitions posed by the huge digital divide and the ill-preparedness of professionals to adapt to the advancement exaggerate the existing challenges. But what has missed the spotlight is the menace of privacy-related issues specifically concerned with the erasure of personal information stored in the digital database and the scope of its accessibility to others due to ill-management of the digital storage space.
This article focuses on these challenges faced in the realm of information privacy which need to be cured to better achieve the intended goals of digitalization. Firstly, it highlights the serious effects of the disclosure of personal information of the parties involved in court proceedings and the need to recognise the right to be forgotten in the digital sphere to protect their privacy from being infringed. Secondly, the article presents the issue of finding the right receiver of personal sensitive information of the litigants and contends for a strict differentiation between those to whom such data must be shared and those who must be precluded from receiving such data. Further, various concerns related to uploading live court proceedings on social media sites are mentioned showcasing its impact on the privacy of both advocates and litigants. Lastly, a set of recommendations is provided to cure such infirmities by bringing robust legislation in place and broadening the scope of the right to be forgotten.
Demystifying the Devil in Digital Database - The Erasure of Personal Information
The advent of digitalization has transformed the storage of court records from stockpiling paper bundles to aggregating data in digital databases. But what is concerning is that such databases also contain personal information of the parties to the proceedings. This information is essential for the judges to conduct the trial and decide the liability of the accused; however, anchored to it are issues of privacy infringement due to the disclosure of such information in the public domain via digitalised platforms which is hampering the potential life prospects of the parties. This can be seen in the case of Vysakh K.G. v Union of India where different cases were dealt with, including instances of previous bail order of the accused getting published after his acquittal, court order getting published after the quashing of proceedings against the accused, matrimonial disturbances and its public revelation through judgment and other cases related to minor children. The major contention running through all of these instances was that the publication of the judgments in the public domain carrying parties’ confidential personal information affected their privacy and dignity. Attending to the contention, the Kerala High Court observed that, unlike the memory of people, the internet is a permanent space so any data in it does not fade away on its own. Further, the intersection of technology and privacy poses a problem before the justice administration, thus, invading the right to be forgotten. Importantly, in this case, the court recognised the serious issue of inadequate regulations to effectively balance the virtues of the Open Court System and the protection of privacy which could affect many lives with the furtherance of digitalization.
This issue was also discussed in the case of Mahendra Kumar Jain v. State of West Bengal, where some photographs and Whatsapp chats between the deceased and her husband were disclosed by the ACP to an applicant seeking the information under the RTI Act when the investigation was continuing. It was contended that such disclosure violated Section 8(1)(j) of the RTI Act and this affected the privacy of the deceased. The court ordered the withdrawal of the published materials by observing that “The concept of personal space and information also carries with it the right to be forgotten” and that any information put in the public domain need not attain perpetuity in the minds of people and the individual preserves the right to get it erased from their memory. Further, this issue was dealt with in a few other cases as well where the accused faced difficulty in getting a job after acquittal due to the revelation of his personal information in the public sphere and in matrimonial disputes where divulgence of individuals’ personal information hampered their private lives.
The author contends that these instances could turn more perilous because with the introduction of digitalization in every segment of the legal system, starting from investigation report filing to the storage of case information and final verdict, there arises ample scope of personal data transgressing into the public zone. Even though Phase III of the Draft Digital Courts Vision & Roadmap aspires to an Interoperable Criminal Justice System (ICJS) to facilitate the seamless exchange of data between the police, courts and prisons, nonetheless, this does not offer protection from the misuse of collected data, as the collected data requires an additional safeguard to ensure that it is utilized only for the intended purpose. Moreover, analysing the case of Mahendra Kumar Jain and the proposed interoperability by Phase III, it appears that the issue of data protection is not only limited to the judicial pronouncements but also to other storage spaces available to the police and the prison departments.
Additionally, another challenge towards the effective use of technology is attaining a balanced techno-legal assemblage which supports the alignment and the parallel functioning of ICT-enabled working practices and the regulatory principles of law. In the absence of such a balanced assemblage, technology and law would act as autonomous regulative regimes and could produce unstable legal outcomes. It needs to be realised that technology cannot be inducted into the judicial system arbitrarily; rather for the technology to achieve its effectiveness it has to comply with certain prescriptions of law. This requires reconfiguration of the existing legal regime which would align the technological functions with the legal constraints and prevent producing foreboding legal outcomes.
Recognising the Right Receiver - The Rightful Recipient of the Information
As per a study conducted in North Carolina, in criminal proceedings, the amount of sensitive information of parties that appears frequently in court records includes a person’s location, criminal antecedent, health, finances and which upon exposure could negatively affect their prospects and rights. Some scholars address it as an “aggregation problem” as the information can be easily aggregated and any leak of information can breed further information in the public sphere which could then affect not only the parties but also other participants in the criminal proceedings. So, it becomes pertinent to choose participants who can access such data and control the spread of such sensitive information.
However, the task to choose the right participants seems to be a tough one as the nature of court records is like that of public records, and once it attains the public nature the right to privacy ceases to exist except having some consideration for decency. This could lead to the contemplation that court records should be equally accessible to all. However, a distinction ought to be made while granting access to sensitive personal information between the participants in the proceeding and others, especially the general public, and for such distinction, the range of persons involved in the criminal proceeding needs to be primarily recognised. This recognition is extremely crucial, as on one hand if the persons who deserve to be participants are not provided with the required confidential data then it could considerably reduce their level of legal protection, and if the information is granted to an exceeding number of persons it could pose a security threat to the protection of privacy of not only the parties but other participants as well.
There also exists another concern regarding the conduction of proceedings through video conferencing because in those conferences there is a lack of a proper mechanism to secure the private communications between the client and the counsel which are many times not feasible. Further, the court’s live streaming can also lead to the violation of the privacy of the advocates as well as the parties as was highlighted by a letter from the Gujarat High Court Advocates Association to the Chief Justice of the Gujarat High Court, where it was mentioned that the clippings of court’s live recording were uploaded on social media sites for commercial purposes with an oblique motive, and that contained not only the unsavoury conversations between the counsel and the judge but also many personal disputes involving women and children. So, it becomes essential to figure out which recordings should be revealed to the public and who should be able to access them after taking into consideration their interests and the potential invasion of their privacy.
The above analysis clearly points out two major issues of privacy associated with increased digitalization in the legal sector especially by the judicial system. One, the concerns related to the unwarranted disclosure of personal information in the digital public sphere affecting the private lives of the parties and two, the issue of finding the right receiver of the sensitive information of the litigants involved in a case to preclude other receivers from infringing their privacy. It is further highlighted that these privacy issues are driven by either lack of technological infrastructure or unregulated use of available technology, that is the problem of techno-legal assemblage, without considering its potential abuse and associated perils. The author contends to preserve the privacy of the litigants involved in sensitive cases like matrimonial disputes by not disclosing their personal information directly in legal or general databases for public display purposes. Also, extreme care is to be taken while sharing the personal details of the parties to those not involved in the case before a final decision is obtained other than those who necessitate that information to defend themselves.
Therefore, the author proposes some recommendations to address the above problems leading to the breach of privacy. Firstly, the right to be forgotten needs to be realised and applied in a manner to obscure sensitive information from being accessed by the general public in cases where it is expedient enough. The extension of this right can also be used to tackle the “aggregation problem” along with proper technological architecture to prevent the leakage of personal information. Secondly, to overcome the techno-legal assemblage problem there is a requirement of supportive legislation to guide the way technology is utilised in the process of digitalisation and create an easy path in embracing the benefits of the technological developments, and also to curb the potential perils of its irregulated application.
Scholars like Francesco Contini and Antonio Cordella in their article “Law and Technology in Civil Judicial Procedures” have highlighted that such a techno-legal assemblage issue erupted in Italy, which was solved through a supportive statutory change. In Italy, an attempt was made to digitize the civil courts and that technological system was supported by a specific legal framework and by-laws. However, an issue arose while implementing it as the lawyers were unable to access the court platforms as the local bar associations could not bear the heavy cost to design such an interface which led the entire system to collapse. However, later a statutory change was made to legally recognise “certified email” and owing to that statutory change the technological solution of providing “registered electronic mail” to the lawyers was brought. Thus, it shows that a proper balance in techno-legal architecture helped in overcoming the cost of building an interface and allowed easy access to lawyers.
Similarly, they have presented that the development of e-Barreau in French courts and e-Curia in the European Union faced such problems, which were dealt with by making adjacent legal changes which resulted in quelling the technological obstacle and attaining the techno-legal assemblage. In a similar manner, the nature of court records as public records needs to be modified to make it restrictive in nature in cases involving extremely sensitive information of parties through legislative or judicial manner. Then this legal change ought to be supported by aligned technological developments to obscure the availability of personal information to others not involved in the case then only, like the above jurisdictions, a proper techno-legal assemblage can be attained in restricting the personal data to the right receivers.
Lastly, the author contends that although the above two issues may not seem vicious in the present scenario, nipping it in the bud seems the best way to fulfil the goal of digitalization in the most frictionless manner.
* Saumya Ranjan Dixit is a 2nd-year student at the National Law University, Odisha.
The views expressed above are the author's alone and do not represent the beliefs of Pith & Substance: The CCAL Blog.